[PATCH 1/6] fs/exec: Drop task_lock() inside __get_task_comm()
Linus Torvalds
torvalds at linux-foundation.org
Sun Jun 2 20:11:07 UTC 2024
On Sun, 2 Jun 2024 at 10:53, Eric W. Biederman <ebiederm at xmission.com> wrote:
>
> The read may race with a write that is changing the location
> of '\0'. Especially if the new value is shorter than
> the old value.

It *shouldn't* happen.

So 'strscpy()' itself is written to be NUL-safe, in that if it ever
copies a NUL character, it will stop. Admittedly the byte loop at the
end might technically need a READ_ONCE() for that to be strictly true
in theory, but in practice it already is.

And even if the new string is shorter, the comm[] array will always
have a NUL terminator _somewhere_, in how the last byte is never
non-NUL.

Now, the only real issue is if something writes *to* the comm[] array
without following the rules properly - like writing a non-NULL
character to the end of the array before then filling it in with NUL
again.

But that would be a bug on the comm[] writing side, I feel, not a bug
on the reader side.

Linus
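
A user-space model of the argument in the message above, added here as an example and not code from the kernel or from this thread. `model_strscpy()` is a simplified byte-wise copy with strscpy()-style return values; the byte-at-a-time writer, `MODEL_E2BIG` and all function names are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>
#define TASK_COMM_LEN 16   /* size of comm[] */
#define MODEL_E2BIG  (-7)  /* stand-in for the kernel's -E2BIG */

/* Reader: bounded byte copy that stops at the first NUL it sees.
 * volatile forces one real load per byte, the role READ_ONCE() would play. */
static long model_strscpy(char *dst, const volatile char *src, size_t count)
{
    for (size_t i = 0; i < count; i++) {
        char c = src[i];
        dst[i] = c;
        if (c == '\0')
            return (long)i;
    }
    if (count)
        dst[count - 1] = '\0';         /* destination is always terminated */
    return MODEL_E2BIG;                /* no NUL found within count bytes */
}

/* Writer that follows the rule: replaces old_name one byte at a time and never
 * touches comm[TASK_COMM_LEN - 1]. Returns how many intermediate states gave
 * the reader an error or an unterminated copy. */
static int bad_reads_during_write(const char *old_name, const char *new_name)
{
    char comm[TASK_COMM_LEN] = {0}, next[TASK_COMM_LEN] = {0}, out[TASK_COMM_LEN];
    int bad = 0;
    strncpy(comm, old_name, TASK_COMM_LEN - 1);   /* constructed sample names */
    strncpy(next, new_name, TASK_COMM_LEN - 1);
    for (int step = 0; step < TASK_COMM_LEN; step++) {
        long n = model_strscpy(out, comm, sizeof(out));  /* read mid-update */
        if (n < 0 || n >= TASK_COMM_LEN || out[n] != '\0')
            bad++;
        if (step < TASK_COMM_LEN - 1)
            comm[step] = next[step];              /* writer advances one byte */
    }
    return bad;
}

/* Writer that breaks the rule: every byte, including the last, is non-NUL. */
static long read_after_rule_break(void)
{
    char comm[TASK_COMM_LEN], out[TASK_COMM_LEN];
    memset(comm, 'A', sizeof(comm));
    return model_strscpy(out, comm, sizeof(out));
}

int main(void)
{
    printf("%d %ld\n", bad_reads_during_write("a-very-long-name", "sh"), read_after_rule_break());
}
```

Under this model the reader can return a mix of old and new bytes while the write is in progress, but the copy is always terminated; only the rule-breaking writer produces the truncation error.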